[Nottingham] gpgpwd - keeping a commandline passwords list

Mike Cardwell nlug at lists.grepular.com
Sun Jun 17 21:18:46 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 17/06/12 21:47, Martin wrote:

> This looks to be an interesting one for those of us living on the 
> commandline:
> 
> Announcing gpgpwd 
> http://blog.zerodogg.org//2012/06/15/announcing-gpgpwd/
> 
> Just wondering if that is secure enough or not?

This is actually very similar to something I wrote for myself and have
been using for a little over a year. Before that, I used LastPass.com,
but then I discovered a vulnerability in it:

https://grepular.com/LastPass_Vulnerability_Exposes_Account_Details

After that incident I decided that I didn't want to rely on the
security of a third party service for my password management any more
and so started using GNUPG and a local text file.

There's a plugin for VIM called "gnupg.vim" that allows you to
transparently work with GNUPG encrypted files. So I started using this
to add password information to a text file, and then wrote a simple
command line utility which basically decrypts the file, greps out the
password and then copies it into the clipboard for 10 seconds. The
encrypted password file is stored in Dropbox for sync and backup purposes.

I've just been looking at the code for gpgpwd. It's Perl, and it's
well written. I would be happy to use this if I didn't already have my
own solution. I definitely would recommend using a password manager
based on GNUPG.

- -- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

iQGGBAEBAgBwBQJP3koKMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBAFbB/9bstsqpM2d
GI6zjMTe/B/IZisBwImym/pNP2OgEWwS2es4MnVPbGIpm7gEtwtoSxhGSA11ajx0
nI6NhXWn1Eco1auB38+pTnYvxvScZmg2EeBT1+ausdmaUMl1jZ1B+vq509obd6nh
Db72rklJuuaejiwCzKBSz0DVowCik1LhW/kIyEr01NyoDaY/L9yTxLVBfB2zNfi+
52cKVeDzJOShR8vJVdEeYAAO3LKVi7iNM78sFrV3vGssw1u7ln/NjmukEDc4Ea4X
/GPmk+o4C2MA/UC1iWyxKb1waDENLgvt35TRo/YQWKQTQNk1yx/624nO8bU3wmIQ
be+Z8rEFLB5E
=Gxkf
-----END PGP SIGNATURE-----



More information about the Nottingham mailing list